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* Drawings 

1 . The drawings are objected to as failing to comply with 37 CFR 1 .84(p)(4) 
because reference characters 14, 16, 22, 24, and 38 have been used to designate 
several items in figure 1 and character 14 have been used to designate several items in 
figure 5. Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in 
reply to the Office action to avoid abandonment of the application. Any amended 
replacement drawing sheet should include all of the figures appearing on the immediate 
prior version of the sheet, even if only one figure is being amended. Each drawing sheet 
submitted after the filing date of an application must be labeled in the top margin as 
either "Replacement Sheet" or "New Sheet" pursuant to 37 CFR 1.121(d). If the 
changes are not accepted by the examiner, the applicant will be notified and informed of 
any required corrective action in the next Office action. The objection to the drawings 
will not be held in abeyance. 

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 



Application/Control Number: 10/759,182 Page 3 

Art Unit: 2141 

3. Claims 1-35 are rejected under 35 U.S.C. 102(e) as being anticipated by Young 
et al. (2003/0093563). 

4. As per claim 1 , Young et al. teaches a method in a router having at least one 
outbound interface (paragraph 0013), the method comprising: establishing, on one of 
the outbound interfaces, a plurality of Internet Protocol (IP-based secure connections 
with respective destinations based on receiving encrypted packets generated by a 
cryptographic module (paragraph 0098), each encrypted packet successively output 
from the cryptographic module having a corresponding successively-unique sequence 
number (paragraphs 0067 and 0143: wherein datagram serves the function of a 
sequence number); controlling supply of data packets to the cryptographic module 
(paragraph 0123: wherein MAND serves the function of a cryptographic module) by: (1) 
assigning, for each secure connection, a corresponding queuing module (paragraph 
0051), (2) reordering, in each queuing module, a corresponding group of the data 
packets associated with the corresponding secure connection according to a 
determined quality of service policy (paragraph 0009) and based on a corresponding 
assigned maximum output bandwidth for the corresponding queuing module, and (3) 
outputting to the cryptographic module the group of data packets, from each 
corresponding queuing module according to the corresponding assigned maximum 
output bandwidth, for generation of the encrypted packets (paragraph 0051); and 
second outputting the encrypted packets from the cryptographic module to the one 
outbound interface for transport via their associated secure connections (paragraph 
0098). 
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5. As per claim 10, Young et al. teaches a router comprising: a cryptographic 
module configured for successively outputting encrypted packets having respective 
successively-unique sequence numbers (paragraphs 0067 and 0143: wherein datagram 
serves the function of a sequence number); an outbound interface configured for 
establishing a plurality of Internet Protocol (IP)-based secure connections with 
respective destinations based on receiving respective streams of the encrypted packets 
(paragraph 0098); and a queue controller configured for controlling supply of data 
packets to the cryptographic module, the queue controller configured for assigning, for 
each secure connection, a corresponding queuing module, each queuing module 
configured for: (I) outputting to the cryptographic module a corresponding group of the 
data packets associated with the corresponding secure connection (paragraph 0051), 
and according to a corresponding assigned maximum output bandwidth for the 
corresponding queuing module, for generation of the corresponding stream of the 
encrypted packets (paragraphs 0085-0087), and (2) reordering the corresponding group 
of the data packets according to a determined quality of service policy and the 
corresponding assigned maximum output bandwidth (paragraph 0009). 

6. As per claim 18, Young et al. teaches a computer readable medium having 
stored thereon sequences of instructions for outputting encrypted packets by a router 
having at least one outbound interface, the sequences of instructions including 
instructions for: establishing, on the outbound interface, a plurality of Internet Protocol 
(IP)-based secure connections with respective destinations based on receiving 
encrypted packets generated by a cryptographic module (paragraph 0098), each 
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encrypted packet successively output from the cryptographic module having a 
corresponding successively-unique sequence number (paragraphs 0067 and 0143: 
wherein datagram serves the function of a sequence number); controlling supply of data 
packets to the cryptographic module (paragraph 0123: wherein MAND serves the 
function of a cryptographic module) by: (1) assigning, for each secure connection, a 
corresponding queuing module (paragraph 0051), (2) reordering, in each queuing 
module, corresponding group of the data packets associated with the corresponding 
^ secure connection according to a determined quality of service policy (paragraph 0009) 
and based on a corresponding assigned maximum output bandwidth for the 
corresponding queuing module (paragraph 0051), and (3) outputting to the 
cryptographic module the group of data packets, from each corresponding queuing 
module according to the corresponding assigned maximum output bandwidth, for 
generation of the encrypted packets (paragraph 0051); and second outputting the 
encrypted packets from the cryptographic module to the one outbound interface for 
transport via their associated secure connections (paragraph 0098). 
7. As per claim 27, Young et al. teaches A router having at least one outbound 
interface, the router further comprising: means for establishing, on the outbound 
interface, a plurality of Internet Protocol (IP)-based secure connections with respective 
destinations based on receiving encrypted packets (paragraph 0098); means for 
generating the encrypted packets, each encrypted packet successively output having a 
corresponding successively-unique sequence number (paragraphs 0067 and 0143: 
wherein datagram serves the function of a sequence number) and means for controlling 
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supply of data packets to the generating means (paragraph 0123: wherein MAND 
serves the function of a cryptographic module), including: (1) means for assigning, for 
each secure connection, a corresponding queuing means for queuing data packets 
(paragraph 0051), (2) means for reordering, in each queuing means, a corresponding 
group of the data packets associated with the corresponding secure connection 
according to a determined quality of service policy (paragraph 0009) and based on a 
corresponding assigned maximum output bandwidth for the corresponding queuing 
means, the means for reordering configured for outputting to the generating means the 
group of data packets, from each corresponding queuing means according to the 
corresponding assigned maximum output bandwidth, for generation of the encrypted 
packets (paragraph 0098). 

8. As per claims 2, 1 1 , 19, and 28, Young et al. teaches a method, wherein the 
reordering step includes, in each queuing module, reordering the corresponding group 
of the data packets according to the determined quality of service policy in response to 
detection of a congestion condition in the one outbound interface (paragraph 0009). 

9. As per claims 3, 12, 20, and 29, Young et al. teaches a method, wherein the 
reordering step includes, in each queuing module: establishing a plurality of queues 
having respective identified priorities (paragraph 0051); storing each data packet 
associated with the corresponding secure connection in one of the queues based on a 
corresponding identified priority for said each data packet (paragraph 0019); and 
selectively outputting the stored data packets from the queues, according to the 
corresponding quality of service policy (paragraph 0009). 
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10. As per claims 4, 21 , and 30, Young et al. teaches a method, wherein: the 
establishing step includes establishing, on each of a plurality of the outbound interfaces 
(paragraph 0080), a corresponding plurality of the secure corrections with a 
corresponding plurality of respective destinations based on receiving a corresponding 
stream of encrypted packets from the cryptographic module (paragraph 0082); the 
controlling step includes controlling the supply of data packets, for each outbound 
interface, from the cryptographic module based on repeating the assigning, reordering, 
and outputting steps for each of the secure connections (paragraph 0150); the second 
outputting step including outputting each encrypted packet to a corresponding one of 
the outbound interfaces according to a routing decision executed by the router 
(paragraph 0098). 

11. As per claims 5, 13, 22, and 31, Young et al. teaches a method, wherein the 
second outputting step includes outputting the encrypted packets for transport via their 
associated secure connections according to IP Security (IPSEC) protocol (paragraph 
0123). 

12. As per claims 6, 14, 23, and 32, Young et al. teaches a method, wherein the 
determined quality of service policy implements a guaranteed quality of service for one 
of a video stream and an audio stream (paragraph 0053). 

13. As per claims 7, 15, 24, and 33, Young et al. teaches a method, wherein the 
audio stream is a Voice over IP media stream (paragraph 0053). 
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14. As per claims 8, 16, 25, and 34, Young et al. teaches a method, wherein the 
controlling step further includes obtaining, for each queuing module, the corresponding 
assigned maximum output bandwidth from a configuration register (paragraph 0051). 

15. As per claims 9, 17, 26, and 35, Young et al. teaches a method, wherein the 
controlling step further includes negotiating, for at least one queuing module, the 
corresponding assigned maximum output bandwidth with the corresponding destination 
(paragraphs 0085-0087). 

16. As per claim 21 , Young et al. teaches a medium, wherein: the establishing step 
includes establishing, on each Of a plurality of the outbound interfaces, a corresponding 
plurality of the secure connections with a corresponding plurality of respective 
destinations based on receiving a corresponding stream of encrypted packets from the 
cryptographic module (paragraph 0098); the controlling step includes controlling the 
supply of data packets, for each outbound interface, from the cryptographic module 
based on repeating the assigning, reordering, and outputting steps for each of the 
secure connections (paragraph 0150); the second outputting step including outputting 
each encrypted packet to a corresponding one of the outbound interfaces according to a 
routing' decision executed by the router (paragraph 0098). 

Conclusion 

17. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. These references are disclosed in the Notice of References Cited 
and teach numerous other ways of implementing an arrangement in an IP node for 
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preserving security-based sequences by ordering IP packets according to quality of 
service requirements prior to encryption, thus a close review of them is suggested. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ranodhi Serrao whose telephone number is (571)272- 
7967. The examiner can normally be reached on 8:00-4:30pm, M-F. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Rupal Dharia can be reached on (571)272-3880. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 




